[EMAIL PROTECTED] wrote on 09-07-2003 12:37:29 PM: > Hi, > > They obviously set things so I could not reboot or find out what is going > on. The first thing I discovered was that they had change the index.html > file on the web server - I thought something had gone astray so rebooted and > that is when it all started. > > I never surfed the net as root....and thought I had the box locked down - > only open ports were the normal ones (80, 21, 22) etc. I have no idea how > they got in but maybe it was through SSH (I might have a older version that > could be hacked). There was no telnet or anything like that. > I would have thought the more likely culprit would either be your webserver, or ftp server. Check the security advisories released after the versions you are running.
Cheers, Scott -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
